The zero-day that could've compromised every Cursor and Windsurf user
From BleepingComputer to All on Fri Jul 11 11:33:34 2025
Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched-but the wake-up call is clear: extensions are a new, massive supply chain risk. [...]